CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

PT-2025-25643 · Unknown · Mezzanine Cms

Name of the Vulnerable Software and Affected Versions: Mezzanine CMS versions prior to 6.1.1 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability in the admin interface. It exists in the displayable links js function, which fails to properly sanitize blog post titles before...

CVE-2025-24388

A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allow parameter injection due to for an autheniticated agent or admin user. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS 2025.X OTRS Community Edition: 6.0.x Products based on the OTRS...

PT-2025-25548 · Otrs +1 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS versions prior to 8 OTRS Community Edition version 6.0.x Description: A vulnerability in the OTRS Admin Interface and Agent Interface allows parameter injection for an authenticated agent or admin user. This issue affects several version...

Curfew e-Pass Management System /admin/view-pass-detail.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter viewid in file /admin/view-pass-detail.php. An...

Complaint Management System /admin/edit-subcategory.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter subcategory in the file /admin/edit-subcategory.php. An attacker can...

Employee Record Management System /admin/allemployees.php File SQL Injection Vulnerability

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/allemployees.php. An...

CVE-2025-5778

A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

Small CRM /admin/manage-tickets.php File SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aremark in the file /admin/manage-tickets.php. An attacker can exploit this vulnerability ...

CVE-2024-39022

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/infoSysdeal.php?mudi=deal...

CVE-2024-30867

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/editvirtualsiteinfo.php...

CVE-2024-3192

A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

CVE-2024-32254

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image...

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

CVE-2023-44988

Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32...

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

CVE-2023-1416

A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument socialfacebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2023-23614

Pi-hole®'s Web interface based off of AdminLTE provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an...

CVE-2023-47763

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.31...